Security
Logging & Monitoring Policy
How Finpliq records important activity without exposing sensitive data.
- Owner
- Security & Operations
- Effective from
- 8 July 2026
- Last reviewed
- 8 July 2026
- Review cycle
- Annual or following material change
At a glance
Finpliq logs security, authentication, admin and filing events for accountability.
Logs must not include passwords, MFA secrets, recovery codes, raw HMRC secrets or payment card data.
Full policy
Audit logs should cover login-sensitive events, admin role changes, MFA events, filing actions, approvals, high-risk exports, business switching and security incidents where implemented.
Monitoring should help identify failed logins, repeated MFA failures, unusual admin activity, filing errors, service failures and supplier outages.
Log access must be restricted to authorised administrators and support/security personnel.